CloudFormation / Client / update_stack

update_stack#

CloudFormation.Client.update_stack(**kwargs)#

Updates a stack as specified in the template. After the call completes successfully, the stack update starts. You can check the status of the stack through the DescribeStacks action.

To get a copy of the template for an existing stack, you can use the GetTemplate action.

For more information about updating a stack and monitoring the progress of the update, see Managing Amazon Web Services resources as a single unit with CloudFormation stacks in the CloudFormation User Guide.

See also: AWS API Documentation

Request Syntax

response = client.update_stack(
    StackName='string',
    TemplateBody='string',
    TemplateURL='string',
    UsePreviousTemplate=True|False,
    StackPolicyDuringUpdateBody='string',
    StackPolicyDuringUpdateURL='string',
    Parameters=[
        {
            'ParameterKey': 'string',
            'ParameterValue': 'string',
            'UsePreviousValue': True|False,
            'ResolvedValue': 'string'
        },
    ],
    Capabilities=[
        'CAPABILITY_IAM'|'CAPABILITY_NAMED_IAM'|'CAPABILITY_AUTO_EXPAND',
    ],
    ResourceTypes=[
        'string',
    ],
    RoleARN='string',
    RollbackConfiguration={
        'RollbackTriggers': [
            {
                'Arn': 'string',
                'Type': 'string'
            },
        ],
        'MonitoringTimeInMinutes': 123
    },
    StackPolicyBody='string',
    StackPolicyURL='string',
    NotificationARNs=[
        'string',
    ],
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    DisableRollback=True|False,
    ClientRequestToken='string',
    RetainExceptOnCreate=True|False
)
Parameters:
  • StackName (string) –

    [REQUIRED]

    The name or unique stack ID of the stack to update.

  • TemplateBody (string) –

    Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.

    Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL, or set the UsePreviousTemplate to true.

  • TemplateURL (string) –

    Location of file containing the template body. The URL must point to a template that’s located in an Amazon S3 bucket or a Systems Manager document. The location for an Amazon S3 bucket must start with https://.

    Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL, or set the UsePreviousTemplate to true.

  • UsePreviousTemplate (boolean) –

    Reuse the existing template that is associated with the stack that you are updating.

    Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL, or set the UsePreviousTemplate to true.

  • StackPolicyDuringUpdateBody (string) –

    Structure containing the temporary overriding stack policy body. You can specify either the StackPolicyDuringUpdateBody or the StackPolicyDuringUpdateURL parameter, but not both.

    If you want to update protected resources, specify a temporary overriding stack policy during this update. If you don’t specify a stack policy, the current policy that is associated with the stack will be used.

  • StackPolicyDuringUpdateURL (string) –

    Location of a file containing the temporary overriding stack policy. The URL must point to a policy (max size: 16KB) located in an S3 bucket in the same Region as the stack. The location for an Amazon S3 bucket must start with https://. You can specify either the StackPolicyDuringUpdateBody or the StackPolicyDuringUpdateURL parameter, but not both.

    If you want to update protected resources, specify a temporary overriding stack policy during this update. If you don’t specify a stack policy, the current policy that is associated with the stack will be used.

  • Parameters (list) –

    A list of Parameter structures that specify input parameters for the stack. For more information, see the Parameter data type.

    • (dict) –

      The Parameter data type.

      • ParameterKey (string) –

        The key associated with the parameter. If you don’t specify a key and value for a particular parameter, CloudFormation uses the default value that’s specified in your template.

      • ParameterValue (string) –

        The input value associated with the parameter.

      • UsePreviousValue (boolean) –

        During a stack update, use the existing parameter value that the stack is using for a given parameter key. If you specify true, do not specify a parameter value.

      • ResolvedValue (string) –

        Read-only. The value that corresponds to a Systems Manager parameter key. This field is returned only for Systems Manager parameter types in the template. For more information, see Use CloudFormation-supplied parameter types in the CloudFormation User Guide.

  • Capabilities (list) –

    In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to update the stack.

    • CAPABILITY_IAM and CAPABILITY_NAMED_IAM Some stack templates might include resources that can affect permissions in your Amazon Web Services account, for example, by creating new IAM users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities. The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

      • If you have IAM resources, you can specify either capability.

      • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

      • If you don’t specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

    If your stack template contains these resources, we suggest that you review all permissions associated with them and edit their permissions if necessary.

    For more information, see Acknowledging IAM resources in CloudFormation templates.

    • CAPABILITY_AUTO_EXPAND Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually updating the stack. If your stack template contains one or more macros, and you choose to update a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation. If you want to update a stack from a stack template that contains macros and nested stacks, you must update the stack directly from the template using this capability.

    Warning

    You should only update stacks directly from a stack template that contains macros if you know what processing the macro performs. Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without CloudFormation being notified.

    For more information, see Perform custom processing on CloudFormation templates with template macros.

    Note

    Only one of the Capabilities and ResourceType parameters can be specified.

    • (string) –

  • ResourceTypes (list) –

    The template resource types that you have permissions to work with for this update stack action, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.

    If the list of resource types doesn’t include a resource that you’re updating, the stack update fails. By default, CloudFormation grants permissions to all resource types. IAM uses this parameter for CloudFormation-specific condition keys in IAM policies. For more information, see Control access with Identity and Access Management.

    Note

    Only one of the Capabilities and ResourceType parameters can be specified.

    • (string) –

  • RoleARN (string) –

    The Amazon Resource Name (ARN) of an IAM role that CloudFormation assumes to update the stack. CloudFormation uses the role’s credentials to make calls on your behalf. CloudFormation always uses this role for all future operations on the stack. Provided that users have permission to operate on the stack, CloudFormation uses this role even if the users don’t have permission to pass it. Ensure that the role grants least privilege.

    If you don’t specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that is generated from your user credentials.

  • RollbackConfiguration (dict) –

    The rollback triggers for CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.

    • RollbackTriggers (list) –

      The triggers to monitor during stack creation or update actions.

      By default, CloudFormation saves the rollback triggers specified for a stack and applies them to any subsequent update operations for the stack, unless you specify otherwise. If you do specify rollback triggers for this parameter, those triggers replace any list of triggers previously specified for the stack. This means:

      • To use the rollback triggers previously specified for this stack, if any, don’t specify this parameter.

      • To specify new or updated rollback triggers, you must specify all the triggers that you want used for this stack, even triggers you’ve specified before (for example, when creating the stack or during a previous stack update). Any triggers that you don’t include in the updated list of triggers are no longer applied to the stack.

      • To remove all currently specified triggers, specify an empty list for this parameter.

      If a specified trigger is missing, the entire stack operation fails and is rolled back.

      • (dict) –

        A rollback trigger CloudFormation monitors during creation and updating of stacks. If any of the alarms you specify goes to ALARM state during the stack operation or within the specified monitoring period afterwards, CloudFormation rolls back the entire stack operation.

        • Arn (string) – [REQUIRED]

          The Amazon Resource Name (ARN) of the rollback trigger.

          If a specified trigger is missing, the entire stack operation fails and is rolled back.

        • Type (string) – [REQUIRED]

          The resource type of the rollback trigger. Specify either AWS::CloudWatch::Alarm or AWS::CloudWatch::CompositeAlarm resource types.

    • MonitoringTimeInMinutes (integer) –

      The amount of time, in minutes, during which CloudFormation should monitor all the rollback triggers after the stack creation or update operation deploys all necessary resources.

      The default is 0 minutes.

      If you specify a monitoring period but don’t specify any rollback triggers, CloudFormation still waits the specified period of time before cleaning up old resources after update operations. You can use this monitoring period to perform any manual stack validation desired, and manually cancel the stack creation or update (using CancelUpdateStack, for example) as necessary.

      If you specify 0 for this parameter, CloudFormation still monitors the specified rollback triggers during stack creation and update operations. Then, for update operations, it begins disposing of old resources immediately once the operation completes.

  • StackPolicyBody (string) –

    Structure containing a new stack policy body. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

    You might update the stack policy, for example, in order to protect a new resource that you created during a stack update. If you don’t specify a stack policy, the current policy that is associated with the stack is unchanged.

  • StackPolicyURL (string) –

    Location of a file containing the updated stack policy. The URL must point to a policy (max size: 16KB) located in an S3 bucket in the same Region as the stack. The location for an Amazon S3 bucket must start with https://. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

    You might update the stack policy, for example, in order to protect a new resource that you created during a stack update. If you don’t specify a stack policy, the current policy that is associated with the stack is unchanged.

  • NotificationARNs (list) –

    Amazon Simple Notification Service topic Amazon Resource Names (ARNs) that CloudFormation associates with the stack. Specify an empty list to remove all notification topics.

    • (string) –

  • Tags (list) –

    Key-value pairs to associate with this stack. CloudFormation also propagates these tags to supported resources in the stack. You can specify a maximum number of 50 tags.

    If you don’t specify this parameter, CloudFormation doesn’t modify the stack’s tags. If you specify an empty value, CloudFormation removes all associated tags.

    • (dict) –

      The Tag type enables you to specify a key-value pair that can be used to store information about an CloudFormation stack.

      • Key (string) – [REQUIRED]

        Required. A string used to identify this tag. You can specify a maximum of 128 characters for a tag key. Tags owned by Amazon Web Services have the reserved prefix: aws:.

      • Value (string) – [REQUIRED]

        Required. A string containing the value for this tag. You can specify a maximum of 256 characters for a tag value.

  • DisableRollback (boolean) –

    Preserve the state of previously provisioned resources when an operation fails.

    Default: False

  • ClientRequestToken (string) –

    A unique identifier for this UpdateStack request. Specify this token if you plan to retry requests so that CloudFormation knows that you’re not attempting to update a stack with the same name. You might retry UpdateStack requests to ensure that CloudFormation successfully received them.

    All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a CreateStack operation with the token token1, then all the StackEvents generated by that operation will have ClientRequestToken set as token1.

    In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format Console-StackOperation-ID, which helps you easily identify the stack operation . For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002.

  • RetainExceptOnCreate (boolean) –

    When set to true, newly created resources are deleted when the operation rolls back. This includes newly created resources marked with a deletion policy of Retain.

    Default: false

Return type:

dict

Returns:

Response Syntax

{
    'StackId': 'string'
}

Response Structure

  • (dict) –

    The output for an UpdateStack action.

    • StackId (string) –

      Unique identifier of the stack.

Exceptions

  • CloudFormation.Client.exceptions.InsufficientCapabilitiesException

  • CloudFormation.Client.exceptions.TokenAlreadyExistsException